Problems during CHECKOUT

[magicsenses]

Hi,

 

This is a message I have received from one of my customers: "Having trouble with web page; I made an account and started shopping, but when I go to check out or view cart it kicks me out back to the log on page."

 

However, I received an order maybe 2 hours prior to this message. I personally checked the store but it works at my end.

 

Could anyone help me with this? Any suggestions appreciated.

 

 

Best wishes,

Simone

[♥Monika in Germany]

that may happen due to cookies set incorrectly for your site

 

you can post the upper few lines here for us to review

[magicsenses]

that may happen due to cookies set incorrectly for your site

 

you can post the upper few lines here for us to review

 

Dear Monika,

 

Thank you so much for your reply! I really appreciate it! What do you mean by the upper few lines? From what file? includes/configure.php?

 

<?php
/*
 osCommerce, Open Source E-Commerce Solutions
 http://www.oscommerce.com

 Copyright (c) 2003 osCommerce

 Released under the GNU General Public License
*/

// Define the webserver and path parameters
// * DIR_FS_* = Filesystem directories (local/physical)
// * DIR_WS_* = Webserver directories (virtual/URL)
 define('HTTP_SERVER', 'http://www.mysite.com'); // eg, http://localhost - should not be empty for productive servers
 define('HTTPS_SERVER', 'https://www.mysite.com'); // eg, https://localhost - should not be empty for productive servers
 define('ENABLE_SSL', true); // secure webserver for checkout procedure?
 define('HTTP_COOKIE_DOMAIN', 'www.mysite.com');
 define('HTTPS_COOKIE_DOMAIN', 'www.mysite.com');
 define('HTTP_COOKIE_PATH', '/');
 define('HTTPS_COOKIE_PATH', '/');
 define('DIR_WS_HTTP_CATALOG', '/');
 define('DIR_WS_HTTPS_CATALOG', '/');
 define('DIR_WS_IMAGES', 'images/');
 define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');
 define('DIR_WS_INCLUDES', 'includes/');
 define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');
 define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');
 define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');
 define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');
 define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');

 define('DIR_WS_DOWNLOAD_PUBLIC', 'pub/');
 define('DIR_FS_CATALOG', '/home/userid/public_html/');
 define('DIR_FS_DOWNLOAD', DIR_FS_CATALOG . 'download/');
 define('DIR_FS_DOWNLOAD_PUBLIC', DIR_FS_CATALOG . 'pub/');

 

I have replaced the name of the website and the userid.

This problem has been bothering me for a while... some orders go through, others don't. I've been reading the forum but I haven't found the answer yet...

 

Thanks again.

Simone

[♥Monika in Germany]

hmmm...

cookies look ok, while I normally omit the www. or the www only, depending on the server. You have SSL set up correctly and for the domain name same as in config file?

 

Can you post the settings from the sessions entry in the admin panel of osC, configuration box?

 

Also, double check if you have secondary config files in your includes/local folders

[magicsenses]

hmmm...

cookies look ok, while I normally omit the www. or the www only, depending on the server. You have SSL set up correctly and for the domain name same as in config file?

 

Can you post the settings from the sessions entry in the admin panel of osC, configuration box?

 

Also, double check if you have secondary config files in your includes/local folders

 

My settings for SESSIONS:

 

Session Directory: /tmp

Force Cookie Use: false

Check SSL session ID: false

Check user agent: false

Check IP address: true

Prevent spider sessions: true

Recreate session: false

 

Also, I checked on the includes/local/ and I do not have any secondary configure file...

 

Thank you for your support!

Simone

[♥Monika in Germany]

Simone, PM me your site url and admin please to try a few things

[♥Monika in Germany]

Hi Simone, I cannot reproduce the problem either, sorry. All fine at my end.

[magicsenses]

Hi Simone, I cannot reproduce the problem either, sorry. All fine at my end.

 

oh :( Do you think that setting Prevent Spider Sessions to FALSE might help?

 

Anyway, big THANK YOU for trying and support!! :) :thumbsup:

 

Best regards,

Simone

[♥Monika in Germany]

no!!!! if you do not prevent spider sessions, horrible things can happen. The only parameter I do not normally have is the

 

Check IP address: true

 

What if you tried setting that to false. Are you in contact with that customer and could you have him retry after that?

[magicsenses]

no!!!! if you do not prevent spider sessions, horrible things can happen. The only parameter I do not normally have is the

 

Check IP address: true

 

What if you tried setting that to false. Are you in contact with that customer and could you have him retry after that?

 

ok. I'll try that! I'll e-mail her back...

Thank you, Monika!

 

best wishes,

Simone

[sajde]

I had the same problem. Whenever someone attemted to check out, and when they confirmed the order they where kicked out of the shop and to the login page. I spent night after night to try to solv the problem and the solution that worked for me was to change the:

 

define('HTTP_COOKIE_DOMAIN', 'www.mysite.com');

to

define('HTTP_COOKIE_DOMAIN', 'http://www.mysite.com');

 

in the config.php.

 

It does not make sense but might be worth trying.

 

 

 

 

 

Regards,

Atle

[♥Monika in Germany]

this makes all cookies useless ... not sure how that would help?!

[sajde]

This might not solve the real problem but disable it. I searched several forums and there where quite a few users who reported a similar problem. But there were no solutions to find.

I do not have very much PHP programming skills so I started to check all configurations in the shop and by changing this setting the problem disappeared and my shop was operative again. And that is what is most important to me.

 

To me it appeared as the page after the confirm page lost the session and re-directed the user to the login page. When I looked on the whos online in the admin section I could see how the user got more and more sessions. If the user logged out only one session disappeared and the other sessions disappeared after some minutes.

 

 

I will be very happy if someone can find the real solution. Maybe this can be a clue to find it. I will be willing to try anything.

 

 

Regards

Atle

[♥Monika in Germany]

it's well possible that cookies had never been set correctly. To determin, I'd need to see the first few lines of the configure.php

[mstephen]

Hi,

 

I should begin by apologizing for posting this issue here for it does not belong here. But his thread seems to be more active and I hoped to get a quick response.

 

 

The snippet of code below comes from function tep_address_format(...) in the file general.php

 

looking somewhere in the middle of this code, there is a call to eval(...), can someone tell me what is this suppose to mean? The $address is an array but after the call to eval(....) this array can be concated with strings like it is a string as well. I also think that $fmt is an integer.

 

Please help.

 

 

$statecomma = '';

$streets = $street;

if ($suburb != '') $streets = $street . $cr . $suburb;

if ($state != '') $statecomma = $state . ', ';

 

$fmt = $address_format['format'];

eval("\$address = \"$fmt\";");

 

if ( (ACCOUNT_COMPANY == 'true') && (tep_not_null($company)) ) {

$address = $company . $cr . $address;

}

 

return $address;

[sajde]

it's well possible that cookies had never been set correctly. To determin, I'd need to see the first few lines of the configure.php

 

 

Here is my config:

 

define('DIR_FS_ADMIN', '/hsphere/local/home/xxxxxxxxx/no.mysite.com/admin/');

define('HTTP_SERVER', 'no.mysite.com');

define('HTTPS_SERVER', '');

define('ENABLE_SSL', false); // secure webserver for checkout procedure?

define('HTTP_COOKIE_DOMAIN', 'http://no.mysite.com');

//define('HTTP_MAIL_DOMAIN', 'http://no.mysite.com');

define('HTTPS_COOKIE_DOMAIN', '');

define('HTTP_COOKIE_PATH', '/');

define('HTTPS_COOKIE_PATH', '/');

define('DIR_WS_HTTP_CATALOG', '/');

define('DIR_WS_HTTPS_CATALOG', '/');

define('DIR_WS_IMAGES', 'images/');

define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');

define('DIR_WS_INCLUDES', 'includes/');

define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');

define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/'); define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');

define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');

define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');

 

When customers check out they are re-directed to a secure server and completes the transaction there. It is when this module (cardia) makes a call to the secure server everything goes wrong and the customer is re-directed to the login page. I'll go thru all the cardia files to see if I can find anything.

 

PS I also have a config file in includes/local/.

 

Regards

Atle

[xronis]

hey Monica please tell mw what's wrong.as you see it's a shared cert.i can't log in as a customer

/e-shop/includes/configure.php

define('HTTP_SERVER', 'http://hellasfon.com'); // eg, http://localhost - should not be empty for productive servers

define('HTTPS_SERVER', 'https://storm.secureguards.com/~hellas1'); // eg, https://localhost - should not be empty for productive servers

define('ENABLE_SSL', true); // secure webserver for checkout procedure?

define('HTTP_COOKIE_DOMAIN', 'hellasfon.com');

define('HTTPS_COOKIE_DOMAIN', 'https://storm.secureguards.com/~hellas1');

define('HTTP_COOKIE_PATH', '/e-shop/');

define('HTTPS_COOKIE_PATH', 'https://storm.secureguards.com/~hellas1/e-shop/');

define('DIR_WS_HTTP_CATALOG', '/e-shop/');

define('DIR_WS_HTTPS_CATALOG', '/e-shop/')

/admin/includes/configure.php

define('HTTP_SERVER', 'http://hellasfon.com'); // eg, http://localhost - should not be empty for productive servers

define('HTTP_CATALOG_SERVER', 'http://hellasfon.com');

define('HTTPS_CATALOG_SERVER', 'https://storm.secureguards.com/~hellas1');

define('ENABLE_SSL_CATALOG', 'true'); // secure webserver for catalog module

define('DIR_FS_DOCUMENT_ROOT', '/home/hellas1/public_html/e-shop/'); // where the pages are located on the server

define('DIR_WS_ADMIN', '/e-shop/admin/'); // absolute path required

define('DIR_FS_ADMIN', '/home/hellas1/public_html/e-shop/admin/'); // absolute pate required

define('DIR_WS_CATALOG', '/e-shop/'); // absolute path required

define('DIR_FS_CATALOG', '/home/hellas1/public_html/e-shop/'); // absolute path

 

 

Session Directory /tmp

Force Cookie Use true

Check SSL Session ID true

Check User Agent false

Check IP Address False

Prevent Spider Sessions true

Recreate Session true

 

p.s i have a configure_.php in /e-shop/includes/configure.php i don't know where it came from.should i delete it??

 

thanks so much in advance P.

[jdvb]

if the ip adress of the customer changes, when check IP is true, by default the current session will be destroyed and the customer will be redirected to the login page.

 

Disabaling the check IP would then work, yet if someone clicks a link that includes a session in the url, you could then end up with several customers with the same address, or even each others credit card numbers and stuff. To prevent that I check user agent and session id. If a session is not active, I redirect the customer to the same page without the osCsid in the url, with a 301 Permanently moved in the header. (searchengines will then remove the osCsid from its url also).

 

how I fixed that you can find here

[♥Monika in Germany]

admin config file is fine, you can leave as is

the extra config file has no new info right? make a local backup, and delete online

 

I use these settings for the sessions:

set all to false apart from the prevent spider (leave the directory as is)

 

modify the catalog config file to:

 

/e-shop/includes/configure.php

define('HTTP_SERVER', 'http://hellasfon.com'); // eg, http://localhost - should not be empty for productive servers

define('HTTPS_SERVER', 'https://storm.secureguards.com/~hellas1'); // eg, https://localhost - should not be empty for productive servers

define('ENABLE_SSL', true); // secure webserver for checkout procedure?

define('HTTP_COOKIE_DOMAIN', '.hellasfon.com');

define('HTTPS_COOKIE_DOMAIN', 'storm.secureguards.com/~hellas1');

define('HTTP_COOKIE_PATH', '/e-shop/');

define('HTTPS_COOKIE_PATH', '/e-shop/');

define('DIR_WS_HTTP_CATALOG', '/e-shop/');

define('DIR_WS_HTTPS_CATALOG', '/e-shop/')

 

 

let me know if this took care of your issues...

[xronis]

if the ip adress of the customer changes, when check IP is true, by default the current session will be destroyed and the customer will be redirected to the login page.

 

Disabaling the check IP would then work, yet if someone clicks a link that includes a session in the url, you could then end up with several customers with the same address, or even each others credit card numbers and stuff. To prevent that I check user agent and session id. If a session is not active, I redirect the customer to the same page without the osCsid in the url, with a 301 Permanently moved in the header. (searchengines will then remove the osCsid from its url also).

 

how I fixed that you can find here

 

jdvb is my config ok?

let's take this step by step

thanks

[xronis]

oh yes ,it did Mon

 

thanks so much

 

what's with the '.hellasfon.com'?

 

can i ask you about the proxypay module?

[♥Monika in Germany]

the .hellasfon works better on most shared servers

 

sorry, I know nothing about proxypay, but I'm sure there is a support thread for it ...

[xronis]

the .hellasfon works better on most shared servers

 

sorry, I know nothing about proxypay, but I'm sure there is a support thread for it ...

thanks anyway .you re a beauty! :blush:

[xronis]

the .hellasfon works better on most shared servers

 

sorry, I know nothing about proxypay, but I'm sure there is a support thread for it ...

oh Mon one last thing

 

 

in mozzila everything is cool but in exporer

i don't get the Lock in the lower right corner of the browser

 

any comments??

[♥Monika in Germany]

I get the lock in IE

 

why are yous ending people on SSL into your shop? there is no need to do so. The pw protection is for the test phase?